package com.rhino.controller;

import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.RestControllerAdvice;

import java.util.Collection;
import java.util.concurrent.CompletableFuture;

/**
 * @ClassName TestController
 * @Description TODO
 * @Author zyk
 * @Create 2021/5/22
 * @Version 1.0
 **/
@Api(tags = "测试接口")
@RestController
@RequestMapping("/test")
public class TestController {
    @Autowired
    private ApplicationContext applicationContext;

    //是否有权限
    @ApiOperation(value = "测试是否有Admin权限访问", notes = "Admin")
    @GetMapping("/authority")
    @PreAuthorize("hasAuthority('Admin')")
    public String getByAuthority(){
        return "Ok";
    }

    //@PreAuthorize 内部只需要指定SpEL表达式，返回True，即可。可以随意写这个EL表达式
    //案例，当前用户只能查询当前用户的数据；或者根据部门ID参数查询当前用户所属部门下的数据等等操作
    //#userName，"#" --说明获取参数名称
    @GetMapping("/spel")
    @PreAuthorize("principal.username.equals(#userName)")
    public String getBySpel(String userName){
        return "Ok";
    }

    //访问这个地址，必须要有 Employee 或ROLE_Employee 角色才可以，验证时没有"ROLE_"会自动加上；
    // @Secured专门判断用户是否具有角色，可以写在方法或类上，参数以 ROLE_ 开头
//    @Secured(value = {"ROLE_Employee","ROLE_Employee2"})
    @PreAuthorize("hasRole('Employee')")
    @GetMapping("/role")
    public String getByRole(){
        //SecurityContextHolder 可获取当前登录用户及票据信息
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        Object credentials = authentication.getCredentials();
        Object principal = authentication.getPrincipal();
        Object details = authentication.getDetails();

        return "ok";
    }


    @GetMapping("/name")
    //EL表达式， 自定义授权业务逻辑。authorityPermission Spring 管理Bean，调用方法 hasPermission()返回Boolean
    @PreAuthorize("@authorityPermission.hasPermission('Admin')")
    public String getNameByAuth(){
        return "Ok";
    }


    //Security 提供了自定义PermissionEvaluator  判断是否有权限，用于复杂认证业务;
    // 默认是DenyAllPermissionEvaluator，所有都返回false; 可以定义类，实现接口PermissionEvaluator；
    @GetMapping("/permission")
    //EL表达式， hasPermission 指定调用哪个Spring Bean的
    @PreAuthorize("hasPermission('target','Admin')")
    public String getByPermission(){
        return "Ok";
    }



    //只要登录用户就可以访问
    @GetMapping("/test1")
    public String test1(){
        return "ok";
    }
}
